Microarchitectural Data Sampling: Difference between revisions

According to varying reports, Intel processors dating back to 2011<ref>{{cite webnews |url=http://social.techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/ |title=New secret-spilling flaw affects almost every Intel chip since 2011 |author-first=Zach |author-last=Whittaker |publisherwork=TechCrunch |date=14 May 2019 |access-date=14 May 2019}}</ref> or 2008<ref name="Greenberg"/> are affected, and the fixes may be associated with a [[computer performance|performance]] drop.<ref name="BBC-20190515">{{cite news |author=<!-- Staff --> |title=Intel Zombieload bug fix to slow data centre computers |url=https://www.bbc.com/news/technology-48278400 |date=15 May 2019 |work=[[BBC News]] |access-date=15 May 2019}}</ref><ref name="PH-20190524">{{cite news |author-last=Larabel |author-first=Michael |title=Benchmarking AMD FX vs. Intel Sandy/Ivy Bridge CPUs Following Spectre, Meltdown, L1TF, Zombieload |url=https://www.phoronix.com/scan.php?page=article&item=sandy-fx-zombieload&num=1 |date=24 May 2019 |work=[[Phoronix]] |access-date=25 May 2019}}</ref> Intel reported that processors manufactured in the month before the disclosure have mitigations against the attacks.<ref name="Greenberg">{{cite news |author-first1=Andy |author-last1=Greenberg |url=https://www.wired.com/story/intel-mds-attack-speculative-execution-buffer/ |title=Meltdown Redux: Intel Flaw Lets Hackers Siphon Secrets from Millions of PCs |newspaper=[[WIRED]] |date=14 May 2019 |access-date=14 May 2019}}</ref>

Intel characterized the vulnerabilities as "low-to-medium" impact, disagreeing with the security researchers who characterized them as major, and disagreeing with their recommendation that operating system software manufacturers should completely disable [[hyperthreading]].<ref name="Greenberg"/><ref name="PCW-20190515">{{cite news |author-last=Mah Ung |author-first=Gordan |title=Intel: You don't need to disable Hyper-Threading to protect against the ZombieLoad CPU exploit - "ZombieLoad" exploit seems to put Intel's Hyper-Threading at risk of being put down |url=https://www.pcworld.com/article/3395439/intel-hyper-threading-zombieload-cpu-exploit.html |date=15 May 2019 |work=[[PC World]] |access-date=15 May 2019}}</ref> Nevertheless, the ZombieLoad vulnerability can be used by hackers exploiting the vulnerability to steal information recently accessed by the affected microprocessor.<ref name="steal data">{{cite web |url=https://www.theverge.com/2019/5/14/18623708/zombieload-attack-intel-processors-speculative-execution |title=ZombieLoad attack lets hackers steal data from Intel chips |author-first=Jacob |author-last=Kastrenakes |publisherwebsite=[[The Verge]] |date=14 May 2019 |access-date=15 May 2019}}</ref>

*On 14 May 2019, a mitigation was released for the [[Linux kernel]],<ref>{{Cite web |url=https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2 |title=ChangeLog-5.1.2 |date=14 May 2019 |website=The Linux Kernel Archives |archive-url=https://web.archive.org/web/20190515071751/https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.1.2 |archive-date=15 May 2019 |url-status=live |access-date=15 May 2019}}</ref> and [[Apple Inc.|Apple]], [[Google]], [[Microsoft]], and [[Amazon (company)|Amazon]] released emergency patches for their products to mitigate ZombieLoad.<ref>{{cite webnews |url=http://social.techcrunch.com/2019/05/14/intel-chip-flaws-patches-released/ |title=Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws |author-first=Zach |author-last=Whittaker |publisherwork=TechCrunch |access-date=14 May 2019}}</ref>